Configure the AD Sync by editing the "docMgt.ADSync.exe.config" file in Notepad or similar text editor.



IMPORTANT! Only change the Value="" part of the config file. Do not change any other parts or the application may not work or work properly.




The following settings are required to be set and changed during installation and testing process


dmServerURL - The URL of the docMgt server to sync with AD. This must be the complete URL. For example, https://yourserver.domain.com.


dmSyncUser - This is the login name of the user to use for managing docMgt. This MUST be an existing docMgt user with Administrator rights in order to sync with the domain.


dmSyncPassword - This is the password of the user to use for managing docMgt.


DirectoryType - Set to Domain, ApplicationDirectory, Machine depending on where you are syncing users from.


DebugMode - Set to "true" to run through the process and log the changes that would be made but NOT actually make them. This is useful during testing to be sure all the users and groups you expect to see are there. Set it to "false" to actually sync the users and groups.


PauseMode - Set to "true" to have the process stop at the end of the sync and wait for a key to be pressed before exiting. This is useful to review the output while testing. Set it to "false" to have the program exit immediately when finished. You should set this to "true" in production.



The following settings are usually changed but not always


SyncGroup - This is the name of the AD group that holds the users that will be synced into docMgt. Use this ONLY if you wish to only sync a specific group to docMgt. If this is left blank then all AD users will be synced into docMgt.


dmAdminGroup - This is the name of the AD group that holds the users that will be synced from AD to docMgt as docMgt Administrators. Any user in this AD group will have its ADMIN flag set to ON so they will be an administrator in docMgt. If you later remove the user from this AD group then that user will have its Administrator flag in docMgt removed when this sync happens again.


dmReportingGroup - This is the name of the AD group that holds the users that will be synced from AD to docMgt as docMgt Reporting Users. Any user in this AD group will have its REPORTING flag set to ON so they will be able to run reports in docMgt. If you later remove the user from this AD group then that user will have its Reporting flag in docMgt removed when this sync happens again.


DefaultPassword - This is the password that will be assigned to any users that are created in docMgt via the AD Sync process. Newly-created users will be forced to change their docMgt password upon their first login but ONLY if they are not logging in user AD or Azure AD integrated logins.



The following settings are usually NOT changed


UserNameProperty - This is the property of the AD User objects that you wish to use for the UserName. The choices are SamAccountName, Name, EmailAddress, DisplayName and UserPrincipalName. The default is to use SamAccountName but it is sometimes better to use EmailAddress if you are integrating with other systems such as Azure AD.


DomainServer - Only valid for Domain type and not usually necessary. Only needed if sync machine needs to be told what domain server to talk with..


DomainContainer - If you are using Domain or ApplicationDirectory types then this is the Distinguished Name of the container in AD to sync with. Not valid for Machine. If blank then the root of AD is used..


LockToADGroups - Set to "true" so synced users can only have docMgt Teams that match their AD groups. Set to "false" so synced users can also have separate docMgt teams.


RecursiveGroups - Set to "true" to have the process check each user's groups in a nested fashion. Set to "false" to only check each user's direct group memberships. Recursive is slower than direct but there are times when you want to be able to get to all the user's nested groups as well.


RemoveInactive - Set to "true" to have the process remove any users that are no longer in the sync group. For this to work you need Server version 3.46 or higher. This can only remove users that were added into the system by the sync tool on or after the 3.46 release as well.


ForcePasswordChange - Set to "true" to force users to change their password on first login. This works ONLY as their account is first added. IF USING SSO (Single Sign On) THEN ALWAYS SET THIS TO FALSE!.


SyncManager - Set to "true" to have the users' Manager property synced into their Manager / Supervisor setting in DocMgt.